Open maltfield opened 8 months ago
This is especially an issue because currently even deleting your user account doesn't delete the files you've uploaded
See also this ticket to add a section to the Lemmy UI for admins to be able to delete individual images.
For additional context of this issue, please see Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)
@maltfield it is good that you didnt posted it, otherwise it could have gotten federated and then your image is everywhere.
My suggestion would be:
If you upload an image during writing a comment or post and press "Cancel", it should delete the image(s) that got uploaded If you upload an image during writing a comment or post and delete it after and still send the comment, it should remove the image uploaded
All images should be tracked who uploaded it, and the user himself should be able to look what images he upload and delete it on his behalf.
Requirements
Describe the feature you'd like
This is a request to implement a section of the Lemmy WUI where users can:
Problem
Currently it's not possible in the Lemmy WUI for users to delete files that they've uploaded.
This is not just an inconvenience. It's a violation of user's rights, and it's a legal risk to lemmy instane admins. This law applies to any website operating anywhere in the world (not just to websites or businesses located in the EU) that has users who are residents of the EU (so it likely affects >90% of public lemmy instances with >100 active users).
The fines for this violation are commonly millions of euros or a percent of of revenue, whichever is higher. At the time of writing, websites have been fined 98.4 million EUR for violating this class of GDPR violation (Insufficient fulfilment of data subjects rights).
Making the endpoint accessible over an API is not trivial and therefore doesn't satisfy this requirement. Google recieved one fine of 150 million EUR in 2022 simply for making it more than 1-click to reject cookies. Certainly requiring a user to figure out how to make API calls (including figuring out the darn delete token, which makes even seasoned admins scratch their heads) would not satisfy the GDPR's "Right to Erasure" requirement.
Solution
There should be a very straightforward way in the lemmy WUI for users to view & delete any files that they've uploaded.